Hi,
It's a good idea, but quite tough to implement. It would require passing socket descriptors, the configuration file, certificates, private keys, CRLs, and possibly other stuff between processes with different permissions.
That's true.
Alternatively, I could just drop support for setuid and chroot, as my budget is much smaller than the budget of the Apache Foundation: http://www.apache.org/foundation/records/minutes/2010/board_minutes_2010_04_...
I don't blame you, I am well aware that you are not backed by a large team of programmers and money. It was just meant as an idea how to enhance stunnel, not as a complaint. I'm sorry if you got me wrong. A workaround exists and I am satisfied with that. :)
Thanks!
Stefan Behte